зеркало из https://github.com/mozilla/pjs.git
Bug 292319, Set trust for XForms events. r=doron+aaronr, a=mkaply, NPOTB
This commit is contained in:
Родитель
af06e4842f
Коммит
92a6302273
|
@ -109,9 +109,8 @@ nsXFormsActionElement::OnDestroyed() {
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsActionElement::HandleEvent(nsIDOMEvent* aEvent)
|
nsXFormsActionElement::HandleEvent(nsIDOMEvent* aEvent)
|
||||||
{
|
{
|
||||||
if (!aEvent)
|
return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
|
||||||
return NS_ERROR_INVALID_ARG;
|
HandleAction(aEvent, nsnull) : NS_OK;
|
||||||
return HandleAction(aEvent, nsnull);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
PR_STATIC_CALLBACK(PLDHashOperator) DoDeferredActions(nsISupports * aModel,
|
PR_STATIC_CALLBACK(PLDHashOperator) DoDeferredActions(nsISupports * aModel,
|
||||||
|
|
|
@ -78,8 +78,7 @@ NS_IMETHODIMP nsXFormsActionModuleBase::OnDestroyed()
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsActionModuleBase::HandleEvent(nsIDOMEvent* aEvent)
|
nsXFormsActionModuleBase::HandleEvent(nsIDOMEvent* aEvent)
|
||||||
{
|
{
|
||||||
if (!aEvent)
|
return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
|
||||||
return NS_ERROR_INVALID_ARG;
|
HandleAction(aEvent, nsnull) : NS_OK;
|
||||||
return HandleAction(aEvent, nsnull);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -174,6 +174,8 @@ nsXFormsContextContainer::HandleDefault(nsIDOMEvent *aEvent,
|
||||||
if (!type.EqualsLiteral("focus"))
|
if (!type.EqualsLiteral("focus"))
|
||||||
return nsXFormsControlStub::HandleDefault(aEvent, aHandled);
|
return nsXFormsControlStub::HandleDefault(aEvent, aHandled);
|
||||||
|
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
/*
|
/*
|
||||||
* Either we, or an element we contain, has gotten focus, so we need to set
|
* Either we, or an element we contain, has gotten focus, so we need to set
|
||||||
* the repeat index. This is done through the \<repeat\> the
|
* the repeat index. This is done through the \<repeat\> the
|
||||||
|
|
|
@ -66,15 +66,16 @@ nsXFormsHintHelpListener::HandleEvent(nsIDOMEvent* aEvent)
|
||||||
nsCOMPtr<nsIDOMEventTarget> target;
|
nsCOMPtr<nsIDOMEventTarget> target;
|
||||||
aEvent->GetCurrentTarget(getter_AddRefs(target));
|
aEvent->GetCurrentTarget(getter_AddRefs(target));
|
||||||
nsCOMPtr<nsIDOMNode> targetNode(do_QueryInterface(target));
|
nsCOMPtr<nsIDOMNode> targetNode(do_QueryInterface(target));
|
||||||
|
if (nsXFormsUtils::EventHandlingAllowed(aEvent, targetNode)) {
|
||||||
nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent));
|
nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent));
|
||||||
if (keyEvent) {
|
if (keyEvent) {
|
||||||
PRUint32 code = 0;
|
PRUint32 code = 0;
|
||||||
keyEvent->GetKeyCode(&code);
|
keyEvent->GetKeyCode(&code);
|
||||||
if (code == nsIDOMKeyEvent::DOM_VK_F1)
|
if (code == nsIDOMKeyEvent::DOM_VK_F1)
|
||||||
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help);
|
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help);
|
||||||
} else {
|
} else {
|
||||||
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint);
|
nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
@ -284,7 +285,8 @@ nsXFormsControlStub::HandleDefault(nsIDOMEvent *aEvent,
|
||||||
{
|
{
|
||||||
NS_ENSURE_ARG(aHandled);
|
NS_ENSURE_ARG(aHandled);
|
||||||
|
|
||||||
if (aEvent) {
|
if (nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) {
|
||||||
|
|
||||||
// Check that we are the target of the event
|
// Check that we are the target of the event
|
||||||
nsCOMPtr<nsIDOMEventTarget> target;
|
nsCOMPtr<nsIDOMEventTarget> target;
|
||||||
aEvent->GetTarget(getter_AddRefs(target));
|
aEvent->GetTarget(getter_AddRefs(target));
|
||||||
|
|
|
@ -108,11 +108,9 @@ nsXFormsDispatchElement::HandleAction(nsIDOMEvent* aEvent,
|
||||||
docEvent->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event));
|
docEvent->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event));
|
||||||
event->InitEvent(name, bubbles, cancelable);
|
event->InitEvent(name, bubbles, cancelable);
|
||||||
|
|
||||||
// XXX: What about uiEvent->SetTrusted(?), should these events be
|
|
||||||
// trusted or not?
|
|
||||||
|
|
||||||
nsCOMPtr<nsIDOMEventTarget> targetEl = do_QueryInterface(el);
|
nsCOMPtr<nsIDOMEventTarget> targetEl = do_QueryInterface(el);
|
||||||
if (targetEl) {
|
if (targetEl) {
|
||||||
|
nsXFormsUtils::SetEventTrusted(event, el);
|
||||||
PRBool defaultActionEnabled;
|
PRBool defaultActionEnabled;
|
||||||
targetEl->DispatchEvent(event, &defaultActionEnabled);
|
targetEl->DispatchEvent(event, &defaultActionEnabled);
|
||||||
}
|
}
|
||||||
|
|
|
@ -259,7 +259,10 @@ nsXFormsInputElement::HandleDefault(nsIDOMEvent *aEvent,
|
||||||
if (*aHandled || !mIncremental) {
|
if (*aHandled || !mIncremental) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
|
|
||||||
|
@ -290,7 +293,8 @@ nsXFormsInputElement::Focus(nsIDOMEvent *aEvent)
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsInputElement::Blur(nsIDOMEvent *aEvent)
|
nsXFormsInputElement::Blur(nsIDOMEvent *aEvent)
|
||||||
{
|
{
|
||||||
return UpdateInstanceData();
|
return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
|
||||||
|
UpdateInstanceData() : NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
|
|
|
@ -270,9 +270,8 @@ nsXFormsMessageElement::OnDestroyed()
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsMessageElement::HandleEvent(nsIDOMEvent* aEvent)
|
nsXFormsMessageElement::HandleEvent(nsIDOMEvent* aEvent)
|
||||||
{
|
{
|
||||||
if (!aEvent)
|
return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ?
|
||||||
return NS_ERROR_INVALID_ARG;
|
HandleAction(aEvent, nsnull) : NS_OK;
|
||||||
return HandleAction(aEvent, nsnull);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
|
|
@ -358,6 +358,9 @@ nsXFormsModelElement::DoneAddingChildren()
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsModelElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
nsXFormsModelElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
||||||
{
|
{
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
*aHandled = PR_TRUE;
|
*aHandled = PR_TRUE;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
|
@ -734,6 +737,9 @@ nsXFormsModelElement::OnError(nsresult aStatus,
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsModelElement::HandleEvent(nsIDOMEvent* aEvent)
|
nsXFormsModelElement::HandleEvent(nsIDOMEvent* aEvent)
|
||||||
{
|
{
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
if (!type.EqualsLiteral("DOMContentLoaded"))
|
if (!type.EqualsLiteral("DOMContentLoaded"))
|
||||||
|
|
|
@ -349,6 +349,9 @@ nsXFormsSelectElement::TryFocus(PRBool* aOK)
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsSelectElement::HandleEvent(nsIDOMEvent *aEvent)
|
nsXFormsSelectElement::HandleEvent(nsIDOMEvent *aEvent)
|
||||||
{
|
{
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
|
|
||||||
|
|
|
@ -283,6 +283,9 @@ nsXFormsSubmissionElement::OnDestroyed()
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsSubmissionElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
nsXFormsSubmissionElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
||||||
{
|
{
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
if (type.EqualsLiteral("xforms-submit")) {
|
if (type.EqualsLiteral("xforms-submit")) {
|
||||||
|
|
|
@ -242,6 +242,9 @@ nsXFormsTriggerElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
|
|
||||||
|
@ -276,8 +279,7 @@ nsXFormsTriggerElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
||||||
aView,
|
aView,
|
||||||
1); // Simple click
|
1); // Simple click
|
||||||
|
|
||||||
// XXX: What about uiEvent->SetTrusted(?), should these events be
|
nsXFormsUtils::SetEventTrusted(uiEvent, mElement);
|
||||||
// trusted or not?
|
|
||||||
|
|
||||||
PRBool cancelled;
|
PRBool cancelled;
|
||||||
return target->DispatchEvent(uiEvent, &cancelled);
|
return target->DispatchEvent(uiEvent, &cancelled);
|
||||||
|
@ -328,6 +330,9 @@ nsXFormsSubmitElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled)
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString type;
|
nsAutoString type;
|
||||||
aEvent->GetType(type);
|
aEvent->GetType(type);
|
||||||
if (!(*aHandled = type.EqualsLiteral("DOMActivate")))
|
if (!(*aHandled = type.EqualsLiteral("DOMActivate")))
|
||||||
|
|
|
@ -211,7 +211,8 @@ nsXFormsUploadElement::Focus(nsIDOMEvent *aEvent)
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsXFormsUploadElement::Blur(nsIDOMEvent *aEvent)
|
nsXFormsUploadElement::Blur(nsIDOMEvent *aEvent)
|
||||||
{
|
{
|
||||||
if (!mInput || !mBoundNode || !mModel)
|
if (!mInput || !mBoundNode || !mModel ||
|
||||||
|
!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement))
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
|
||||||
nsAutoString value;
|
nsAutoString value;
|
||||||
|
|
|
@ -80,6 +80,9 @@
|
||||||
#include "nsIDOM3Node.h"
|
#include "nsIDOM3Node.h"
|
||||||
#include "nsIConsoleService.h"
|
#include "nsIConsoleService.h"
|
||||||
#include "nsIStringBundle.h"
|
#include "nsIStringBundle.h"
|
||||||
|
#include "nsIDOMNSEvent.h"
|
||||||
|
#include "nsIURI.h"
|
||||||
|
#include "nsIPrivateDOMEvent.h"
|
||||||
|
|
||||||
#define CANCELABLE 0x01
|
#define CANCELABLE 0x01
|
||||||
#define BUBBLES 0x02
|
#define BUBBLES 0x02
|
||||||
|
@ -719,17 +722,75 @@ nsXFormsUtils::DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent)
|
||||||
const EventData *data = &sXFormsEventsEntries[aEvent];
|
const EventData *data = &sXFormsEventsEntries[aEvent];
|
||||||
event->InitEvent(NS_ConvertUTF8toUTF16(data->name),
|
event->InitEvent(NS_ConvertUTF8toUTF16(data->name),
|
||||||
data->canBubble, data->canCancel);
|
data->canBubble, data->canCancel);
|
||||||
|
|
||||||
// XXX: What about event->SetTrusted(?) here? Should all these
|
|
||||||
// events be trusted? Right now they're never trusted.
|
|
||||||
|
|
||||||
nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(aTarget);
|
nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(aTarget);
|
||||||
NS_ENSURE_STATE(target);
|
NS_ENSURE_STATE(target);
|
||||||
|
|
||||||
|
SetEventTrusted(event, aTarget);
|
||||||
|
|
||||||
PRBool defaultActionEnabled;
|
PRBool defaultActionEnabled;
|
||||||
return target->DispatchEvent(event, &defaultActionEnabled);
|
return target->DispatchEvent(event, &defaultActionEnabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* static */ nsresult
|
||||||
|
nsXFormsUtils::SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode)
|
||||||
|
{
|
||||||
|
nsCOMPtr<nsIDOMNSEvent> event(do_QueryInterface(aEvent));
|
||||||
|
if (event) {
|
||||||
|
PRBool isTrusted = PR_FALSE;
|
||||||
|
event->GetIsTrusted(&isTrusted);
|
||||||
|
if (!isTrusted && aRelatedNode) {
|
||||||
|
nsCOMPtr<nsIDOMDocument> domDoc;
|
||||||
|
aRelatedNode->GetOwnerDocument(getter_AddRefs(domDoc));
|
||||||
|
nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
|
||||||
|
if (doc) {
|
||||||
|
nsIURI* uri = doc->GetDocumentURI();
|
||||||
|
if (uri) {
|
||||||
|
PRBool isChrome = PR_FALSE;
|
||||||
|
uri->SchemeIs("chrome", &isChrome);
|
||||||
|
if (isChrome) {
|
||||||
|
nsCOMPtr<nsIPrivateDOMEvent> privateEvent(do_QueryInterface(aEvent));
|
||||||
|
NS_ENSURE_STATE(privateEvent);
|
||||||
|
privateEvent->SetTrusted(PR_TRUE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* static */ PRBool
|
||||||
|
nsXFormsUtils::EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget)
|
||||||
|
{
|
||||||
|
PRBool allow = PR_FALSE;
|
||||||
|
if (aEvent && aTarget) {
|
||||||
|
nsCOMPtr<nsIDOMNSEvent> related(do_QueryInterface(aEvent));
|
||||||
|
if (related) {
|
||||||
|
PRBool isTrusted = PR_FALSE;
|
||||||
|
if (NS_SUCCEEDED(related->GetIsTrusted(&isTrusted))) {
|
||||||
|
if (isTrusted) {
|
||||||
|
allow = PR_TRUE;
|
||||||
|
} else {
|
||||||
|
nsCOMPtr<nsIDOMDocument> domDoc;
|
||||||
|
aTarget->GetOwnerDocument(getter_AddRefs(domDoc));
|
||||||
|
nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
|
||||||
|
if (doc) {
|
||||||
|
nsIURI* uri = doc->GetDocumentURI();
|
||||||
|
if (uri) {
|
||||||
|
PRBool isChrome = PR_FALSE;
|
||||||
|
uri->SchemeIs("chrome", &isChrome);
|
||||||
|
allow = !isChrome;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
NS_WARN_IF_FALSE(allow, "Event handling not allowed!");
|
||||||
|
return allow;
|
||||||
|
}
|
||||||
|
|
||||||
/* static */ PRBool
|
/* static */ PRBool
|
||||||
nsXFormsUtils::IsXFormsEvent(const nsAString& aEvent,
|
nsXFormsUtils::IsXFormsEvent(const nsAString& aEvent,
|
||||||
PRBool& aCancelable,
|
PRBool& aCancelable,
|
||||||
|
|
|
@ -54,6 +54,7 @@ class nsIXFormsModelElement;
|
||||||
class nsIURI;
|
class nsIURI;
|
||||||
class nsString;
|
class nsString;
|
||||||
class nsIMutableArray;
|
class nsIMutableArray;
|
||||||
|
class nsIDOMEvent;
|
||||||
|
|
||||||
#define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms"
|
#define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms"
|
||||||
#define NS_NAMESPACE_XHTML "http://www.w3.org/1999/xhtml"
|
#define NS_NAMESPACE_XHTML "http://www.w3.org/1999/xhtml"
|
||||||
|
@ -257,7 +258,27 @@ public:
|
||||||
*/
|
*/
|
||||||
static NS_HIDDEN_(nsresult)
|
static NS_HIDDEN_(nsresult)
|
||||||
DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent);
|
DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets aEvent trusted if aRelatedNode is in chrome.
|
||||||
|
* When dispatching events in chrome, they should be set trusted
|
||||||
|
* because by default event listeners in chrome handle only trusted
|
||||||
|
* events.
|
||||||
|
* Should be called before any event dispatching in XForms.
|
||||||
|
*/
|
||||||
|
static NS_HIDDEN_(nsresult)
|
||||||
|
SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns PR_TRUE unless aTarget is in chrome and aEvent is not trusted.
|
||||||
|
* This should be used always before handling events. Otherwise if XForms
|
||||||
|
* is used in chrome, it may try to handle events that can be synthesized
|
||||||
|
* by untrusted content. I.e. content documents may create events using
|
||||||
|
* document.createEvent() and then fire them using target.dispatchEvent();
|
||||||
|
*/
|
||||||
|
static NS_HIDDEN_(PRBool)
|
||||||
|
EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns PR_TRUE, if aEvent is an XForms event, and sets the values
|
* Returns PR_TRUE, if aEvent is an XForms event, and sets the values
|
||||||
* of aCancelable and aBubbles parameters according to the event type.
|
* of aCancelable and aBubbles parameters according to the event type.
|
||||||
|
|
Загрузка…
Ссылка в новой задаче